#!/usr/bin/env python3

============================================================================

FIX7 AUTHORITY-SEAL -- CODEX DIRECT-PROBE REPRODUCTION HARNESS

Reproduces Codex's 8 direct adversarial probes (the ones that proved

fail-open) plus 7 additional provenance/grammar probe classes Codex named in

the rejection ledger, against whatever authority_seal_encoder module is on the

import path. Prints, for each probe: ACCEPTED (digest produced) or REJECTED

(exact Reject status). Exit 0 iff EVERY probe is REJECTED (i.e. fail-closed).

Usage: python3 codex_probes.py # imports authority_seal_encoder

============================================================================

import sys, json import authority_seal_encoder as E

HEX64 = "a" * 64 results = []

def probe(pid, codex_blocker, desc, fn): """fn() either returns a digest (ACCEPTED) or raises E.Reject (REJECTED).""" try: out = fn() accepted = isinstance(out, str) and len(out) == 64 results.append({"id": pid, "codex": codex_blocker, "desc": desc, "verdict": "ACCEPTED", "detail": (out[:16] + "..") if accepted else repr(out)}) except E.Reject as e: results.append({"id": pid, "codex": codex_blocker, "desc": desc, "verdict": "REJECTED", "detail": e.status}) except Exception as e: # any other exception = also a form of closed, but report type results.append({"id": pid, "codex": codex_blocker, "desc": desc, "verdict": "REJECTED", "detail": type(e).name + ":" + str(e)[:40]})

def n7_with(**over): p = E.fixture_n7_pairs() return [(k, over.get(k, v)) for k, v in p]

def n8_with(n7, **over): p = E.fixture_n8_pairs(n7) return [(k, over.get(k, v)) for k, v in p]

def p7_with(n7, n8, **over): p = E.fixture_p7_pairs(n7, n8) return [(k, over.get(k, v)) for k, v in p]

canonical fixture chain (valid) to derive dependent digests

N7 = E.encode_node("N7", E.fixture_n7_pairs()) N8 = E.encode_node("N8", E.fixture_n8_pairs(N7))

---- Codex's 8 direct probes ----

probe("CP1", "FINAL-AS-VALUE-GRAMMAR", 'N7 canonicalizer_sha256="NOT_A_SHA"', lambda: E.encode_node("N7", n7_with(canonicalizer_sha256="NOT_A_SHA"))) probe("CP2", "FINAL-AS-VALUE-GRAMMAR", 'N7 approval_event_id=""', lambda: E.encode_node("N7", n7_with(approval_event_id=""))) probe("CP3", "FINAL-AS-VALUE-GRAMMAR", 'N8 sealed_by=""', lambda: E.encode_node("N8", n8_with(N7, sealed_by=""))) probe("CP4", "FINAL-AS-VALUE-GRAMMAR", 'N8 report_documents_digest="NOT_A_SHA"', lambda: E.encode_node("N8", n8_with(N7, report_documents_digest="NOT_A_SHA"))) probe("CP5", "FINAL-AS-VALUE-GRAMMAR", 'P7 pinned_canonicalizer_revision="not-an-int"', lambda: E.encode_node("P7", p7_with(N7, N8, pinned_canonicalizer_revision="not-an-int"))) probe("CP6", "FINAL-AS-VALUE-GRAMMAR", 'P7 pinned_canonicalizer_utf8_bytes="-1"', lambda: E.encode_node("P7", p7_with(N7, N8, pinned_canonicalizer_utf8_bytes="-1"))) probe("CP7", "FINAL-AS-REPORT-SET", 'report_documents_digest([])', lambda: E.report_documents_digest([])) probe("CP8", "FINAL-AS-REPORT-SET", 'duplicate report-document records', lambda: E.report_documents_digest([("doc-a.md", "1"), ("doc-a.md", "1")]))

---- additional probe classes named in the rejection ledger ----

probe("CP9", "FINAL-AS-VALUE-GRAMMAR", 'N7 membership_sha256 uppercase hex', lambda: E.encode_node("N7", n7_with(membership_sha256="F" * 64))) probe("CP10", "FINAL-AS-VALUE-GRAMMAR", 'N7 canonicalizer_sha256 63 hex (short)', lambda: E.encode_node("N7", n7_with(canonicalizer_sha256="a" * 63))) probe("CP11", "FINAL-AS-VALUE-GRAMMAR", 'N7 approver_identity="" (empty signer/identity)', lambda: E.encode_node("N7", n7_with(approver_identity=""))) probe("CP12", "FINAL-AS-VALUE-GRAMMAR", 'N7 approval_event_timestamp="not-a-time"', lambda: E.encode_node("N7", n7_with(approval_event_timestamp="not-a-time"))) probe("CP13", "FINAL-AS-VALUE-GRAMMAR", 'P7 pinned_canonicalizer_utf8_bytes="0" (non-positive)', lambda: E.encode_node("P7", p7_with(N7, N8, pinned_canonicalizer_utf8_bytes="0"))) probe("CP14", "FINAL-AS-VALUE-GRAMMAR", 'P7 pinned_canonicalizer_document_id="" (empty path)', lambda: E.encode_node("P7", p7_with(N7, N8, pinned_canonicalizer_document_id=""))) probe("CP15", "FINAL-AS-REPORT-SET", 'report doc id="" (empty document id)', lambda: E.report_documents_digest([("", "1")])) probe("CP16", "FINAL-AS-REPORT-SET", 'report revision="not-an-int"', lambda: E.report_documents_digest([("doc-a.md", "x")]))

---- provenance probes (require provenance-aware real-N7 API; if absent the

probe is ACCEPTED == fail-open, which is exactly Codex's complaint) ----

def real_n7_rehearsal_n6(): fn = getattr(E, "encode_real_n7", None) if fn is None: # no provenance gate exists -> rehearsal N6 silently usable as real return E.encode_node("N7", E.fixture_n7_pairs()) # provenance-aware: feed a REHEARSAL-classed N6 corpus return fn(E.fixture_n7_pairs(), provenance={"active_corpus_sha256": "REHEARSAL"})

probe("CP17", "FINAL-AS-PROVENANCE", "REHEARSAL N6 into REAL N7", real_n7_rehearsal_n6)

def real_n7_missing_provenance(): fn = getattr(E, "encode_real_n7", None) if fn is None: return E.encode_node("N7", E.fixture_n7_pairs()) return fn(E.fixture_n7_pairs(), provenance={})

probe("CP18", "FINAL-AS-PROVENANCE", "missing provenance into REAL N7", real_n7_missing_provenance)

def real_n7_forbidden_provenance(): fn = getattr(E, "encode_real_n7", None) if fn is None: return E.encode_node("N7", E.fixture_n7_pairs()) return fn(E.fixture_n7_pairs(), provenance={"active_corpus_sha256": "FORBIDDEN_FOR_REAL_SEAL"})

probe("CP19", "FINAL-AS-PROVENANCE", "FORBIDDEN provenance class into REAL N7", real_n7_forbidden_provenance)

caught = sum(1 for r in results if r["verdict"] == "REJECTED") for r in results: print(f" [{r['verdict']:8}] {r['id']:<4} {r['codex']:<22} {r['desc']} -> {r['detail']}") print(f"CODEX-PROBES: {caught}/{len(results)} REJECTED (fail-closed); " f"accepted(fail-open)={len(results)-caught}") if "--json" in sys.argv: out = sys.argv[sys.argv.index("--json") + 1] json.dump({"rejected": caught, "total": len(results), "probes": results}, open(out, "w"), indent=2) sys.exit(0 if caught == len(results) else 1)